CN109450948A - Data transmission method and device - Google Patents

Publication number: CN109450948A
Authority: CN (China)
Prior art keywords: network, data, message, application program, request
Application number: CN201811614050.3A
Other languages: Chinese (zh)
Other versions: CN109450948B (en)
Inventors: 韩振国, 喻波, 王志海, 安鹏
Original Assignee: 北京明朝万达科技股份有限公司
Application filed by 北京明朝万达科技股份有限公司
Priority to CN201811614050.3A
Publication of CN109450948A
Application granted
Publication of CN109450948B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209: Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Application independent communication protocol aspects or techniques in packet data networks
    • H04L69/16: Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
    • H04L69/161: Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162: Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Abstract

The present invention provides a data transmission method and device. The method comprises: receiving a first message from a first application program in a first network, the first message comprising a first data request or first response data from the first application program to a second application program in a second network; obtaining, from a first connection pool in the first network, a first communication connection between the first network and a first unidirectional gateway; sending the first message to the second network via the first unidirectional gateway using the first communication connection; establishing a second communication connection between the first network and a second unidirectional gateway; receiving, using the second communication connection, a second message from the second unidirectional gateway, the second message having been sent to the second unidirectional gateway by the second application program in the second network; and sending the second message to the first application program. With the invention, an application program does not need to communicate with the two unidirectional gateways, which reduces the development difficulty and the degree of data coupling of the application program and thereby facilitates its extension and maintenance.

Description

Data transmission method and device

Technical field

The present invention relates to the technical field of data transmission, and in particular to a data transmission method and device.

Background

At present, data is exchanged between an intranet and an external network mainly by connecting an application program to a unidirectional gateway, so that the data exchange between the two networks is carried out by means of the unidirectional gateway.

Consequently, when developing an application program (i.e. software) that communicates directly with a unidirectional gateway, cumbersome code logic must be developed inside the application for its connection to the unidirectional gateway, for sending data, for receiving data, and so on. Moreover, in an application developed this way, the data transmission layer and the business code layer are coupled together.

Therefore, when an application program connects to a unidirectional gateway and transmits data through it directly, the application is often difficult to develop, has a high degree of data coupling, and is hard to extend.

Summary of the invention

The present invention provides a data transmission method and device, to solve the problems in the related art that, when an application program is developed against unidirectional gateways in order to exchange data between an intranet application program and an external-network application program, the application is difficult to develop, has a high degree of data coupling, and is hard to extend.

To solve the above problems, according to one aspect of the present invention, a data transmission method is disclosed, comprising:

receiving a first message from a first application program in a first network;

wherein the first message comprises a first data request or first response data from the first application program to a second application program in a second network;

wherein the first network and the second network are physically isolated from each other;

obtaining, from a first connection pool in the first network, a first communication connection between the first network and a first unidirectional gateway;

sending the first message to the second network via the first unidirectional gateway using the first communication connection;

wherein the first unidirectional gateway is used to transmit data from the first network to the second network;

establishing a second communication connection between the first network and a second unidirectional gateway;

wherein the second unidirectional gateway is used to transmit data from the second network to the first network;

receiving, using the second communication connection, a second message from the second unidirectional gateway;

wherein the second message is sent to the second unidirectional gateway by the second application program in the second network, and comprises a second data request or second response data from the second application program to the first application program;

determining whether the second message comprises the second data request or the second response data;

if the second message comprises the second data request, sending the second data request to the first application program;

if the second message comprises the second response data, sending the second response data to the first application program.

Optionally, before sending the first message to the second network via the first unidirectional gateway using the first communication connection, the method further comprises:

encoding the first message;

and sending the first message to the second network via the first unidirectional gateway using the first communication connection comprises:

sending the encoded first message to the second network via the first unidirectional gateway using the first communication connection.

Optionally, before determining whether the second message comprises the second data request or the second response data, the method further comprises:

decoding the second message;

and determining whether the second message comprises the second data request or the second response data comprises:

determining whether the decoded second message comprises the second data request or the second response data.

Optionally, before determining whether the second message comprises the second data request or the second response data, the method further comprises:

obtaining the preset identification information of the second application program carried in the second message;

determining whether the application identification information stored in advance for the first application program includes the preset identification information;

if not, filtering the second message;

and determining whether the second message comprises the second data request or the second response data comprises:

if the application identification information stored in advance for the first application program includes the preset identification information, determining whether the second message comprises the second data request or the second response data.

Optionally, establishing the second communication connection between the first network and the second unidirectional gateway comprises:

establishing the second communication connection between a first listening port in the first network and the second unidirectional gateway.

According to another aspect of the present invention, a data transmission device is also disclosed, comprising:

a first receiving module, configured to receive a first message from a first application program in a first network;

wherein the first message comprises a first data request or first response data from the first application program to a second application program in a second network;

wherein the first network and the second network are physically isolated from each other;

a first obtaining module, configured to obtain, from a first connection pool in the first network, a first communication connection between the first network and a first unidirectional gateway;

a first sending module, configured to send the first message to the second network via the first unidirectional gateway using the first communication connection;

wherein the first unidirectional gateway is used to transmit data from the first network to the second network;

an establishing module, configured to establish a second communication connection between the first network and a second unidirectional gateway;

wherein the second unidirectional gateway is used to transmit data from the second network to the first network;

a second receiving module, configured to receive, using the second communication connection, a second message from the second unidirectional gateway;

wherein the second message is sent to the second unidirectional gateway by the second application program in the second network, and comprises a second data request or second response data from the second application program to the first application program;

a first judgment module, configured to determine whether the second message comprises the second data request or the second response data;

a second sending module, configured to send the second data request to the first application program if the second message comprises the second data request;

a third sending module, configured to send the second response data to the first application program if the second message comprises the second response data.

Optionally, the device further comprises:

an encoding module, configured to encode the first message;

the first sending module being further configured to send the encoded first message to the second network via the first unidirectional gateway using the first communication connection.

Optionally, the device further comprises:

a decoding module, configured to decode the second message;

the first judgment module being further configured to determine whether the decoded second message comprises the second data request or the second response data.

Optionally, the device further comprises:

a second obtaining module, configured to obtain the preset identification information of the second application program carried in the second message;

a second judgment module, configured to determine whether the application identification information stored in advance for the first application program includes the preset identification information;

a filtering module, configured to filter the second message if the second judgment module determines that the application identification information stored in advance for the first application program does not include the preset identification information;

the first judgment module being further configured to determine whether the second message comprises the second data request or the second response data if the second judgment module determines that the application identification information stored in advance for the first application program includes the preset identification information.

Optionally, the establishing module is further configured to establish the second communication connection between a first listening port in the first network and the second unidirectional gateway.

Compared with the prior art, the present invention has the following advantages:

The present invention receives the first message from the first application program in the first network and obtains the first communication connection between the first network and the first unidirectional gateway, so no connection has to be established between the first application program and the first unidirectional gateway; the first message is then sent to the second network via the first unidirectional gateway using the first communication connection. In addition, embodiments of the present invention can establish the second communication connection between the first network and the second unidirectional gateway, use it to receive the second message that comes from the second application program in the second network via the second unidirectional gateway, and send that message to the first application program in the first network. During data exchange between the first application program in the first network and the second application program in the second network, the application programs do not need to communicate with the two unidirectional gateways; they only send and receive messages, which greatly reduces their development difficulty. Moreover, an application program only needs to transmit data and does not need to process the business logic, which the middleware of the embodiments handles instead; the data transmission layer and the business code layer are thereby decoupled, the degree of data coupling is reduced, and the application program is easier to extend and maintain.

Brief description of the drawings

Fig. 1 is a schematic diagram of an embodiment of a data transmission system of the present invention;

Fig. 2 is a flow chart of the steps of an embodiment of a data transmission method of the present invention;

Fig. 3 is a structural block diagram of an embodiment of a data transmission device of the present invention.

Detailed description of the embodiments

To make the above objects, features and advantages of the present invention clearer and easier to understand, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments.

Referring to Fig. 1, a schematic diagram of an embodiment of a data transmission system of the present invention is shown.

The data transmission system comprises application program 1 and middleware 1 in a first network, and application program 2 and middleware 2 in a second network.

The first network and the second network are physically isolated from each other. When the first network is the external network, the second network is the intranet; when the first network is the intranet, the second network is the external network. In this embodiment and in the transmission method embodiment shown in Fig. 2, the first network is the external network and the second network is the intranet.

Between the first network and the second network there are a first unidirectional gateway (gateway 1 in Fig. 1) and a second unidirectional gateway (gateway 2 in Fig. 1). The first unidirectional gateway is used to transmit data from the first network to the second network, and the second unidirectional gateway is used to transmit data from the second network to the first network.

Here, the intranet is an internal secure network and the external network is a public network.

Gateway 1 and gateway 2 are two physical devices deployed between the intranet and the external network; the intranet and the external network exchange data through these two unidirectional gateways.

Developing application programs that face the unidirectional gateways directly (for example, application program 1 communicating directly with gateway 1 and gateway 2 to transmit data between the two networks, or application program 2 connecting directly to gateway 1 and gateway 2 for the same purpose) makes the applications difficult to develop, gives them a high degree of data coupling, and makes them hard to extend. To avoid these problems, embodiments of the present invention provide middleware in both the external network and the intranet. As shown in Fig. 1, the middleware in the external network is called middleware 1 and the middleware in the intranet is called middleware 2.

The middleware of the embodiments of the present invention is an independent piece of system software or a service program. An application program uses the middleware to communicate with the unidirectional gateways. Because the middleware hides the gateways, application developers need not be concerned with the existence of the unidirectional gateways and only need to develop the application against the middleware, which reduces the development difficulty of the application.

The middleware sits on top of the client/server operating system and is responsible for sending and receiving data packets between the application program and the unidirectional gateways. It is software that connects the two independent unidirectional gateways: it sends a request data packet from an application program to the other end and, once the other end has processed it, delivers the response data packet back to the requesting end.

An application program developed against the middleware only needs to send data to the middleware and receive response data from it, or to receive request data from the middleware and return response data to it. No communication connection between the application program and a unidirectional gateway has to be developed. By placing middleware in the communication path between the application program and the unidirectional gateways, the embodiments of the present invention lower the development requirements for application programs, simplify the development process, improve application reusability, and make testing and maintenance easier. They also separate the application's data transmission layer from its business-layer code, which reduces errors during development and improves scalability.

Referring to Fig. 2, a flow chart of the steps of an embodiment of a data transmission method of the present invention, based on the data transmission system shown in Fig. 1, is shown. Fig. 2 shows the steps of the data transmission method implemented by the middleware developed in the embodiments of the present invention.

Middleware deployed in either the external network or the intranet can send a data request or response data from the local application program to the other end, and can receive response data or a data request sent by the application program at the other end and forward it to the local application program. To avoid repetition, the embodiment shown in Fig. 2 uses part of the workflow of middleware 1 to illustrate sending a data request or response data from the local application program to the other end, and part of the workflow of middleware 2 to illustrate receiving response data or a data request from the other end and forwarding it to the local application program.

The method may specifically comprise the following steps:

Step 100: initialize the external-network connection pool and listening port 1 of middleware 1;

Step 200: initialize the intranet connection pool and listening port 2 of middleware 2;

The intranet and the external network are each configured with their own connection pool.

A connection pool is a buffer pool that creates and manages connections. It contains multiple connections that are ready to be used by any thread that needs them.

Step 100 may be executed by middleware 1 and step 200 by middleware 2. In other embodiments, these two steps may instead be executed by other devices in the external network and the intranet respectively; the present invention does not limit this.

As shown in Fig. 1, the connection pool of the external network includes connection A, a socket communication connection established between middleware 1 of the external network and gateway 1. Middleware 1 takes connection A from the external-network connection pool in order to communicate with gateway 1; it mainly uses connection A to send messages (data requests or response data sent by application program 1) to gateway 1.

Initializing the connection pool of the external network therefore means initializing each connection in the pool.

Listening port 1 of middleware 1 in the external network is responsible for establishing socket communication connection B with gateway 2 and for listening for data sent by gateway 2. Through connection B, middleware 1 can receive messages (data requests and response data) from application program 2 in the intranet.

Listening port 1 is therefore initialized here so that connection B can be established later.

Similarly, the connection pool of the intranet includes connection C, a socket communication connection established between middleware 2 of the intranet and gateway 2. Middleware 2 takes connection C from the intranet connection pool in order to communicate with gateway 2; it mainly uses connection C to send messages (data requests or response data sent by application program 2) to gateway 2.

Initializing the connection pool of the intranet therefore means initializing each connection in the pool.

Listening port 2 of middleware 2 in the intranet is responsible for establishing socket communication connection D with gateway 1 and for listening for data sent by gateway 1. Through connection D, middleware 2 can receive messages (data requests and response data) from application program 2 in the intranet.

Listening port 2 is therefore initialized here so that connection D can be established later.

In addition, in the embodiments of the present invention, middleware 1, middleware 2, gateway 1 and gateway 2 are configured in advance so that the four connections above can be established later.

For example, port 3 of gateway 1 is pre-configured in middleware 1, so connection A, which middleware 1 obtains from the connection pool of the external network, is the connection between middleware 1 and port 3 of gateway 1.

The destination address of middleware 2, i.e. listening port 2, is pre-configured on gateway 1, so that gateway 1 can establish connection D with middleware 2.

Thus, for uplink data transmission, when middleware 1 receives a request/response from application program 1 addressed to the intranet, it sends the request/response over connection A to port 3 of gateway 1; port 3 of gateway 1 receives it, and the request/response is then sent over connection D to listening port 2 of middleware 2.

Similarly, port 4 of gateway 2 is pre-configured in middleware 1, so connection C, which middleware 2 obtains from the connection pool of the intranet, is the connection between middleware 2 and port 4 of gateway 2.

The destination address of middleware 1, i.e. listening port 1, is pre-configured on gateway 2, so that gateway 2 can establish connection B with middleware 1.

Thus, for downlink data transmission, when middleware 2 receives a request/response from application program 2 addressed to the external network, it sends the request/response over connection C to port 4 of gateway 2; port 4 of gateway 2 receives it, and the request/response is then sent over connection B to listening port 1 of middleware 1.

Steps 100 and 200 are preparatory steps performed after the system of the embodiments of the present invention starts up; they are therefore optional steps in the transmission method of the embodiments.

Step 101: receive a first message from application program 1 in the external network;

The first message comprises a first data request or first response data from application program 1 to application program 2 in the intranet.

The process is described here with the first network as the external network and the second network as the intranet. Note that the transmission method of the embodiments can equally be implemented when the first network is the intranet and the second network is the external network; the method flow is similar and is not repeated.

When application program 1 in the external network wants to obtain data from application program 2 in the intranet, the first message is the first data request. When application program 2 in the intranet has made a second data request to application program 1, the first response data is the response data for that second data request.

In a specific implementation, because application program 1 is developed against middleware 1, it calls a message-sending method of middleware 1 whenever it needs to send a message to the intranet. For example, to make a data request it may call a method such as get() or post() to send the first data request, and to send response data it may call a method such as sent() to send the first response data. In this way, middleware 1 receives the first message from application program 1.

Step 102: obtain connection A between the external network and gateway 1 from the external-network connection pool;

The first communication connection here is connection A obtained from the external-network connection pool.

Optionally, step 103: encode the first message;

The encoding may include, but is not limited to, compression, packet reassembly, and the like.

The present invention places no restriction on the order in which step 102 and step 103 are executed.

Step 104: using connection A, send the encoded first message to the intranet via gateway 1;

Gateway 1 is pre-configured with the destination address of middleware 2, here listening port 2. After middleware 1 sends the first message to gateway 1 over connection A, gateway 1 sends the first message to listening port 2 of middleware 2, so that the first message reaches the intranet.

Step 201, the connection D between the Intranet and gateway 1 is established;

Wherein, middleware 2 can establish the connection D between the listening port 2 in the Intranet and gateway 1.

Step 202, using the connection D, the first message from the gateway 2 is received;

Wherein, middleware 2 can use the connection D to receive the first message that middleware 1 is sent via gateway 1.

Specifically, first message is sent to the listening port 2 of middleware 2 by gateway 1, middleware 2 is obtained from listening port 2 Get first message.

Optionally, step 203, decoding process is made to the first message;

Wherein, the mode of decoding process is corresponding with the mode of above-mentioned coded treatment, can include but is not limited to decompression, Weed out identity property relevant to website transmission and test serial number etc..

Optionally, step 204, the default mark letter of the application program 1 carried in the decoded first message is obtained Breath;

Wherein, which can be the IP address of application program 1.

Optionally, step 205, judgement is stored in advance into the application identification information of first application program, if packet Containing the default identification information;

To keep the data in the intranet secure and prevent it from being illegally stolen, the method of this embodiment of the present invention provides data access only to applications that have registered with application program 2 in the intranet. The middleware 2 side can store the application identification information (such as the IP address) of each registered application, so this step can determine whether application program 1, which is making the data request, is an authorized program registered with application program 2.

If not, step 206: filter the first message;

This means that application program 1 has not registered, so the first message it sent needs no response; it is filtered directly and no response processing is performed.

If so, step 207: determine whether the decoded first message includes the first data request or the first response data;

That is, once application program 1 is determined to be an authorized program registered in advance with application program 2, it can be determined whether the decoded first message is a data request or response data, i.e. the first data request or the first response data.

Step 208: if the first message includes the first data request, send the first data request to application program 2;

If the first message is the first data request, application program 1 in the external network wants to access the data in application program 2. The first data request that has passed authentication can then be sent to the listener, and the listener sends the first data request to application program 2.

Middleware 2 may include a listener, which receives messages of the data request type; it can therefore receive the first data request and forward it to application program 2.

Step 209: if the first message includes the first response data, send the first response data to application program 2.

If the first message is response data, the first message sent by application program 1 in the external network is a response to the second data request of application program 2; here, the first response data can be sent to application program 2.

Specifically, when the first response data is sent to application program 2, it can be obtained either in blocking mode or in listening mode and then forwarded to application program 2.

When the response data is less important, i.e. its priority is lower, the first response data can be blocked, and application program 2 receives it once application program 2 is no longer busy. When the response data is important, i.e. its priority is higher, listening mode can be used: as soon as response data, such as the first response data here, is detected, it is forwarded to application program 2.
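The receiving-side checks of steps 205 to 209 can be sketched as follows. This is an added example, not code from the patent: the JSON message layout, the field names, the class and method names and the sample addresses are all assumptions made for illustration.

```python
import json
from collections import deque

REQUEST, RESPONSE = "request", "response"
FIELDS = ("sender_id", "kind", "priority", "body")


def encode(sender_id, kind, body, priority="high"):
    """Constructed wire format (an assumption): UTF-8 JSON with four fields."""
    return json.dumps({"sender_id": sender_id, "kind": kind,
                       "priority": priority, "body": body}).encode("utf-8")


def decode(raw):
    """Decode one message; raise ValueError if it is not well formed."""
    msg = json.loads(raw.decode("utf-8"))
    if not isinstance(msg, dict) or any(f not in msg for f in FIELDS):
        raise ValueError("malformed message")
    if not isinstance(msg["sender_id"], str):
        raise ValueError("sender_id must be a string")
    return msg


class ReceivingMiddleware:
    """Hypothetical stand-in for middleware 2 on the receiving network."""

    def __init__(self, registered_ids):
        self.registered = frozenset(registered_ids)  # stored identification info
        self.app_busy = False
        self.delivered = []     # (kind, body) handed to application program 2
        self.blocked = deque()  # low-priority responses held while the app is busy
        self.filtered = 0

    def _filter(self):
        # Step 206: drop silently, nothing is sent back to the sender.
        self.filtered += 1
        return "filtered"

    def on_message(self, raw):
        try:
            msg = decode(raw)
        except ValueError:
            return self._filter()
        # Step 205: is the sender registered with the local application?
        if msg["sender_id"] not in self.registered:
            return self._filter()
        # Step 207: data request or response data?
        if msg["kind"] == REQUEST:
            # Step 208: the listener forwards requests to the application.
            self.delivered.append((REQUEST, msg["body"]))
            return "request-forwarded"
        if msg["kind"] == RESPONSE:
            # Step 209: low priority waits while the application is busy.
            if msg["priority"] == "low" and self.app_busy:
                self.blocked.append(msg["body"])
                return "response-blocked"
            self.delivered.append((RESPONSE, msg["body"]))
            return "response-forwarded"
        return self._filter()  # unknown message kind

    def app_idle(self):
        """Application is no longer busy: release the blocked responses in order."""
        self.app_busy = False
        released = len(self.blocked)
        while self.blocked:
            self.delivered.append((RESPONSE, self.blocked.popleft()))
        return released


def run_demo():
    # Constructed sample traffic; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
    mw = ReceivingMiddleware({"192.0.2.10"})
    mw.app_busy = True
    traffic = [
        encode("192.0.2.10", REQUEST, "get-report"),
        encode("198.51.100.7", REQUEST, "get-report"),      # not registered
        encode("192.0.2.10", RESPONSE, "bulk-sync", "low"),
        encode("192.0.2.10", RESPONSE, "ack", "high"),
        b"\xff\xfe not a message",                           # fails decoding
    ]
    outcomes = [mw.on_message(raw) for raw in traffic]
    released = mw.app_idle()
    return outcomes, released, mw.delivered, mw.filtered


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

Because the identification information is carried inside the message itself, this check filters unregistered senders but does not by itself prove who sent the message.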

Steps 101 to 104 above describe in detail how middleware 1 sends the first data request or the first response data of application program 1 in the external network to the intranet via gateway 1; steps 201 to 209 describe in detail how middleware 2 sends that first data request or first response data from the external network, arriving via gateway 1, to application program 2 in the intranet.

The process by which middleware 2 sends the second response data or the second data request of application program 2 in the intranet to the external network via gateway 2 is substantially similar to steps 101 to 104 performed by middleware 1, and is therefore not described in detail here;

Similarly, the process by which middleware 1 sends the second response data or the second data request from the intranet, arriving via gateway 2, to application program 1 in the external network is substantially similar to steps 201 to 209 performed by middleware 2, and is therefore not described in detail here.

That is, steps 101 to 104, performed above by middleware 1, can likewise be performed by middleware 2; correspondingly, steps 201 to 209, performed above by middleware 2, can likewise be performed by middleware 1. Middleware 1 and middleware 2 are the same developed product, merely deployed in different networks, so their functions are identical: each can send data from its local end to the other end and receive data sent from the other end to its local end.

Since steps 101 to 104 and steps 201 to 209 describe in detail the process of transmitting data from the external network to the intranet, the process of transmitting data from the intranet to the external network is not repeated here; the two descriptions can be read with reference to each other.

The second response data here may be the response result of application program 2 to the first data request. That is, when the external network requests data from the intranet, after step 209 application program 2 responds to the first data request and sends the second response data to middleware 2 by calling a method of middleware 2 that can send messages (such as the sent() method exemplified above).

Similarly, the first response data above may be the response result of application program 1 to the second data request. That is, when the intranet requests data from the external network, application program 1 responds to the second data request and sends the first response data to middleware 1 by calling a method of middleware 1 that can send messages (such as the sent() method exemplified above), so that middleware 1 performs step 101 above.

By means of the technical solution of the above embodiment, the present invention receives the first message of the first application program in the first network and obtains the first communication connection between the first network and the first unidirectional gateway, without establishing a connection between the first application program and the first unidirectional gateway, and uses the first communication connection to send the first message to the second network via the first unidirectional gateway. In addition, the embodiment of the present invention can establish the second communication connection between the first network and the second unidirectional gateway, use the second communication connection to receive the second message sent by the second application program in the second network via the second unidirectional gateway, and send it to the first application program in the first network. During data exchange between the first application program in the first network and the second application program in the second network, the application programs do not need to communicate with the two unidirectional gateways; they only need to send and receive messages, which significantly reduces the difficulty of developing the application programs. Moreover, an application program only needs to transmit data and does not need to handle the service logic, which the middleware of the embodiment implements; the data transmission layer is thereby decoupled from the service code layer, the degree of data coupling is reduced, and the application programs are easier to extend and maintain.

In addition, the data packets transmitted by the data transmission method of the embodiment can support multiple protocols, for example HTTP data packets and TCP data packets. The method is similar for data packets of every protocol and follows the transmission flow described in the Fig. 2 embodiment above. Therefore, configuring on the middleware the protocol types it supports also controls the types of data transmitted between the internal and external networks, which improves the security of data in the intranet or the external network.

It should be noted that, for simplicity of description, the method embodiments are expressed as a series of combined actions, but those skilled in the art should understand that the embodiments of the present invention are not limited by the described order of actions, because according to the embodiments of the present invention some steps may be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.

Corresponding to the method provided by the above embodiments of the present invention, Fig. 3 shows a structural block diagram of an embodiment of a data transmission device of the present invention, which may specifically include the following modules:

First receiving module 31, configured to receive a first message of a first application program in a first network;

Wherein the first message includes a first data request or first response data from the first application program to a second application program in a second network;

Wherein the first network and the second network are physically isolated from each other;

First obtaining module 32, configured to obtain, from a first connection pool in the first network, a first communication connection between the first network and a first unidirectional gateway;

First sending module 33, configured to use the first communication connection to send the first message to the second network via the first unidirectional gateway;

Wherein the first unidirectional gateway is used to transmit data from the first network to the second network;

Establishing module 34, configured to establish a second communication connection between the first network and a second unidirectional gateway;

Wherein the second unidirectional gateway is used to transmit data from the second network to the first network;

Second receiving module 35, configured to use the second communication connection to receive a second message from the second unidirectional gateway;

Wherein the second message is sent to the second unidirectional gateway by the second application program in the second network; the second message includes a second data request or second response data from the second application program to the first application program;

First judgment module 36, configured to determine whether the second message includes the second data request or the second response data;

Second sending module 37, configured to send the second data request to the first application program if the second message includes the second data request;

Third sending module 38, configured to send the second response data to the first application program if the second message includes the second response data.

Optionally, the device further includes:

Encoding module, configured to encode the first message;

The first sending module 33 is further configured to use the first communication connection to send the encoded first message to the second network via the first unidirectional gateway.

Optionally, the device further includes:

Decoding module, configured to decode the second message;

The first judgment module 36 is further configured to determine whether the decoded second message includes the second data request or the second response data.

Optionally, the device further includes:

Second obtaining module, configured to obtain the preset identification information of the second application program carried in the second message;

Second judgment module, configured to determine whether the application identification information stored in advance for the first application program includes the preset identification information;

Filtering module, configured to filter the second message if the second judgment module determines that the application identification information stored in advance for the first application program does not include the preset identification information;

The first judgment module 36 is further configured to determine whether the second message includes the second data request or the second response data if the second judgment module determines that the application identification information stored in advance for the first application program includes the preset identification information.

Optionally, the establishing module 34 is further configured to establish the second communication connection between a first listening port in the first network and the second unidirectional gateway.

Optionally, the first receiving module 31 is further configured to receive, from the first application program, the first response data to the second data request.

Optionally, when the first network is the intranet, the second network is the external network; when the first network is the external network, the second network is the intranet.

Since the device embodiment is basically similar to the method embodiment, it is described relatively simply; for relevant details, refer to the description of the method embodiment.

The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments can be referred to one another.

Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a device, or a computer program product. Therefore, the embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.

The embodiments of the present invention are described with reference to flowcharts and/or block diagrams of the method, terminal device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing terminal device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing terminal device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing terminal device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, which implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, so that a series of operation steps are executed on the computer or other programmable terminal device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable terminal device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present invention.

Finally, it should be noted that, herein, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or terminal device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or terminal device that includes the element.

The data transmission method, data transmission device and data transmission system provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the above embodiments is only intended to help understand the method of the invention and its core idea. At the same time, for those of ordinary skill in the art, the specific implementation and the scope of application may change according to the idea of the invention. In summary, the content of this specification should not be construed as limiting the invention.

Claims (10)

1. A data transmission method, characterized in that the method comprises:
receiving a first message of a first application program in a first network;
wherein the first message includes a first data request or first response data from the first application program to a second application program in a second network;
wherein the first network and the second network are physically isolated from each other;
obtaining, from a first connection pool in the first network, a first communication connection between the first network and a first unidirectional gateway;
using the first communication connection, sending the first message to the second network via the first unidirectional gateway;
wherein the first unidirectional gateway is used to transmit data from the first network to the second network;
establishing a second communication connection between the first network and a second unidirectional gateway;
wherein the second unidirectional gateway is used to transmit data from the second network to the first network;
using the second communication connection, receiving a second message from the second unidirectional gateway;
wherein the second message is sent to the second unidirectional gateway by the second application program in the second network; the second message includes a second data request or second response data from the second application program to the first application program;
determining whether the second message includes the second data request or the second response data;
if the second message includes the second data request, sending the second data request to the first application program;
if the second message includes the second response data, sending the second response data to the first application program.
2. The method according to claim 1, characterized in that,
before using the first communication connection to send the first message to the second network via the first unidirectional gateway, the method further comprises:
encoding the first message;
and using the first communication connection to send the first message to the second network via the first unidirectional gateway comprises:
using the first communication connection, sending the encoded first message to the second network via the first unidirectional gateway.
3. The method according to claim 1, characterized in that, before determining whether the second message includes the second data request or the second response data, the method further comprises:
decoding the second message;
and determining whether the second message includes the second data request or the second response data comprises:
determining whether the decoded second message includes the second data request or the second response data.
4. The method according to claim 1, characterized in that, before determining whether the second message includes the second data request or the second response data, the method further comprises:
obtaining the preset identification information of the second application program carried in the second message;
determining whether the application identification information stored in advance for the first application program includes the preset identification information;
if not, filtering the second message;
and determining whether the second message includes the second data request or the second response data comprises:
if the application identification information stored in advance for the first application program includes the preset identification information, determining whether the second message includes the second data request or the second response data.
5. The method according to claim 1, characterized in that establishing the second communication connection between the first network and the second unidirectional gateway comprises:
establishing the second communication connection between a first listening port in the first network and the second unidirectional gateway.
6. A data transmission device, characterized by comprising:
a first receiving module, configured to receive a first message of a first application program in a first network;
wherein the first message includes a first data request or first response data from the first application program to a second application program in a second network;
wherein the first network and the second network are physically isolated from each other;
a first obtaining module, configured to obtain, from a first connection pool in the first network, a first communication connection between the first network and a first unidirectional gateway;
a first sending module, configured to use the first communication connection to send the first message to the second network via the first unidirectional gateway;
wherein the first unidirectional gateway is used to transmit data from the first network to the second network;
an establishing module, configured to establish a second communication connection between the first network and a second unidirectional gateway;
wherein the second unidirectional gateway is used to transmit data from the second network to the first network;
a second receiving module, configured to use the second communication connection to receive a second message from the second unidirectional gateway;
wherein the second message is sent to the second unidirectional gateway by the second application program in the second network; the second message includes a second data request or second response data from the second application program to the first application program;
a first judgment module, configured to determine whether the second message includes the second data request or the second response data;
a second sending module, configured to send the second data request to the first application program if the second message includes the second data request;
a third sending module, configured to send the second response data to the first application program if the second message includes the second response data.
7. The device according to claim 6, characterized in that the device further comprises:
an encoding module, configured to encode the first message;
the first sending module is further configured to use the first communication connection to send the encoded first message to the second network via the first unidirectional gateway.
8. The device according to claim 6, characterized in that the device further comprises:
a decoding module, configured to decode the second message;
the first judgment module is further configured to determine whether the decoded second message includes the second data request or the second response data.
9. The device according to claim 6, characterized in that the device further comprises:
a second obtaining module, configured to obtain the preset identification information of the second application program carried in the second message;
a second judgment module, configured to determine whether the application identification information stored in advance for the first application program includes the preset identification information;
a filtering module, configured to filter the second message if the second judgment module determines that the application identification information stored in advance for the first application program does not include the preset identification information;
the first judgment module is further configured to determine whether the second message includes the second data request or the second response data if the second judgment module determines that the application identification information stored in advance for the first application program includes the preset identification information.
10. The device according to claim 6, characterized in that
the establishing module is further configured to establish the second communication connection between a first listening port in the first network and the second unidirectional gateway.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811614050.3A CN109450948B (en) 2018-12-27 2018-12-27 Data transmission method and device

Publications (2)

Publication Number Publication Date
CN109450948A true CN109450948A (en) 2019-03-08
CN109450948B CN109450948B (en) 2020-01-03

Family

ID=65539706

Country Status (1)

Country Link
CN (1) CN109450948B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101697536A (en) * 2009-10-16 2010-04-21 深圳市科陆电子科技股份有限公司; Method for transmitting mass data in real time by penetrating positive physical isolation device
CN103491072A (en) * 2013-09-06 2014-01-01 北京信息控制研究所 Boundary access control method based on double one-way separation gatekeepers
CN107454186A (en) * 2017-08-24 2017-12-08 国网浙江省电力公司衢州供电公司 A kind of data safe transmission method based on message queue
CN107634984A (en) * 2017-08-07 2018-01-26 国网河南省电力公司 A kind of file synchronisation method based on one-way transmission path
CN108234506A (en) * 2018-01-15 2018-06-29 马晓东 A kind of unidirection insulation network brake and data transmission method
US20180255102A1 (en) * 2017-03-03 2018-09-06 Microsoft Technology Licensing, Llc Incremental security policy development for an enterprise network
CN108540499A (en) * 2018-06-26 2018-09-14 中国华电集团科学技术研究总院有限公司 Electric power networks data transmission system with duplex channel and data transmission method
CN108810011A (en) * 2018-06-29 2018-11-13 南京南瑞继保电气有限公司 A kind of universal network secure accessing sound zone system and message processing method suitable for power private network
CN208257855U (en) * 2018-06-26 2018-12-18 中国华电集团科学技术研究总院有限公司 Electric power networks data transmission system with duplex channel

Also Published As

Publication number Publication date
CN109450948B (en) 2020-01-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant